Day: October 24, 2017

Interview with Tolga Gonenli

Tolga Gonenli is a well-known conference organizer whom we met at the first EuroForensics conference. He now organizes EMEA Intelligence, the only Intelligence and Surveillance technologies conference in the region. It is very interesting to learn what goes on behind the curtains of conference preparations. Today Tolga shares his experience of that.

Tolga Gonenli graduated from the University of Massachusetts, Amherst, with a degree in Political Science. Following his graduation he went back to his homeland, the Republic of Turkey, where he excelled in running international trade shows for different employers and sectors, finally becoming one of the coordinators of CeBIT Eurasia, the largest ICT exhibition in the EMEA region.

His career allowed Tolga to analyse the current ICT sector in the region, which led him to discover the need for specialized conferences in forensic sciences and intelligence technologies.

Tolga is now the managing partner of A.T. Strategies (ATS), a company which represents many international companies in counter terror technologies, lawful interception, and forensics. ATS, together with its partnering company Komtera Technologies, organizes an annual event by the name EMEA Intelligence: International Intelligence and Surveillance Technologies Conference and Exhibition in Turkey.

Tolga Gonenli, managing partner of A.T. Strategies

Yuri: Tolga, please briefly describe your current occupation.

Tolga: I am the managing partner of ATS Consultancy, which organizes the only intelligence & surveillance technologies conference and exhibition, namely ‘EMEA Intelligence’ in the EMEA region as well as represents major international defense, detection, forensics and surveillance equipment and infrastructure companies especially in the Republic of Turkey.

Yuri: What did you major in at university?

Tolga: I majored in Political Science at the University of Massachusetts, Amherst. I did one year exchange at the University of Heidelberg in Germany within the social sciences department; adding the European perspective to my education.

I believe in boutique events with subject matter focus

Yuri: You are a successful event organizer. Why did you decide to organize forensics conferences?

Tolga: I used to be one of the coordinators of a major IT gathering in the entire region including Turkey. My personal assessment of the event/exhibition business is that the era of the major events which umbrella over gross number of topics, is coming to an end. I believe boutique events with subject matter focus, housing both a conference and an exhibition under the same roof, enabling the user to interact with the experts speaking at the conference are going to be the future of this business.

The regional market indicated that the EMEA region did not have an international IT security and/or security IT event at the time. We started with a forensics focus, later to evolve, with the feedback coming from both the end-users and the vendors, into an intelligence and surveillance event. I believe our business can easily be categorized under the topic of ‘Homeland Security’.

An organizer has to understand the needs of both end-users and vendors

Yuri: What features do you think you have which help you to be that successful in conference organization?

Tolga: An event organizer has to understand the needs of the end-user as well as the vendor in the region. I seek and receive feedback from both these players in the market and construct the following year’s event accordingly. The major feature of personal success and the success of any conference and/or exhibition is flexibility and market compatibility.

Yuri: I have been attending only two conferences with both computer and medical forensics in one. One of them was EuroForensics. Why did you decide to couple these two branches of forensic science?

Tolga: Bringing digital & medical forensics together under one roof did not prove to be a successful model, and received much criticism. We therefore took a different route and created an only digital content event by the name ‘EMEA Intelligence’.

Tolga Gonenli and his conference

Yuri: To what extent is it complex to organize a conference of this size? What is the most complex thing to solve?

Tolga: The most complex part of any event is attracting the right portfolio of international visitors.

Turkey is the best location here for information flow

Yuri: Why Turkey? Is it just because you are from there or is there some major idea behind choosing this country?

Tolga: Turkey is indisputably the best location for information flow in the EMEA region. Social and political standing and future vision of Turkey, signals a regional leadership of all information flow, bridging west to the east, south-east, and north-east.

Yuri: What is the most challenging in organizing a conference? What is, vice versa, your reward?

Tolga: Challenge is to attract the right portfolio of international visitors, which also possess the buying and/or decision making power. Reward is the sustainable network created around the event.

Yuri: How do you measure conference success?

Tolga: The answer is three-fold; a successful event is:

  1. Where the vendor attending the event meets their prospective buyer, and receives information about future projects & tenders.
  2. Where the vendors find suitable and sustainable partnerships in the region, enabling them to coordinate their sales and services in countries abroad.
  3. Where the visitors learn about the future vision of the vendors, are able to share their current problems, and find new technologies, which may address their issues.

We try to visit as many conferences as possible

Yuri: Do you visit other conferences of this kind? Do you improve, basing on such experience?

Tolga: We try to visit as many conferences as possible of similar backgrounds to improve our vision leading up to the best possible service for the attending vendors as well as visitors. We also ask our network to give us feedback based on their experience attending other events, and what they believe would increase their value/return by their participation to EMEA Intelligence.

Yuri: What would you recommend to a person who’d like to organize a brand new conference in their country? What are the major fiducial points?

Tolga: One would have to contact all concerned parties within their own country, and gather information as to what their needs are regarding their operational mission & vision. Analysis of this information is fundamental to the success and sustainability of the event, which will unavoidably benefit both the vendor and the visitor attending the event.

Yuri: What forensic resources do you regularly read?

Tolga: I follow

Yuri: What do you see as major trends in forensic conferences? More or less interest, more or less visitors/exhibitors of any kind, etc?

Tolga: We believe the major trends are counter-intelligence, lawful interception, image and video analysis, homeland security, and forensic accounting.

Yuri: How old are you?

Tolga: 31

Yuri: How many kids do you have?

Tolga: None

Yuri: How do you spend your free time?

Tolga: Sports

Yuri: How many hours of sleep do you usually have?

Tolga: 6

Yuri: What is your favorite vacation spot? What is the most unusual place you have ever been to?

Tolga: Maine, USA. Unusual is in the eye of the beholder.

Yuri: Do you do any sports? Which one? What is your preference in watching professional sports?

Tolga: Waterpolo, Martial Arts & Golf

Yuri: When did you have your last vacation? A real vacation, without any Internet and calls from your colleagues or customers?

Tolga: Exactly 12 months ago.

Yuri: Do you have a dream?

Tolga: You will hear about it in 6 months to 1 year time frame.

Yuri: Very intriguing! Thanks, Tolga, for your interview!


Interview with Alan Kakareka

In our interview with Almantas (or Alan) Kakareka, Founder and CTO of Demyo, Inc, he speaks on malware threat and Russians.

Almantas is an InfoSec consultant to businesses around the globe and a founder and CTO of Demyo, Inc. He has over 10 years of IT security-related experience. His areas of expertise are vulnerability assessments, threat intelligence and penetration testing. Almantas has a Master of Science degree in Computer Science from Florida International University and certifications such as CISSP, GSNA, GSEC, CEH.

Alan Kakareka, InfoSec consultant, Founder and CTO of Demyo, Inc.

Yuri: Alan, please briefly describe your current occupation.

Alan: My current occupation is the same as it was for the last 10 years or so. I work in the InfoSec field. Currently in VA, Pen Test and threat intelligence areas. In the past I have worked probably in every InfoSec field possible, i.e. memory analysis, HDD forensics, network forensics, source code auditing, threat modeling, and reverse engineering, just to name a few. Check it out

All good things come to those who wait

Yuri: How did you become involved in the computer security field?

Alan: My grandma was working in IT department at some university back then. One day preschool was closed or something, so she took me to her job. I was 6 years old back then and it was 1985. I saw a computer with black background and green letters and I fell in love… Since then all my attention became electronics and IT-focused. Back then computers were insanely expensive, and I was visiting friends who had them, and computer clubs, to get my hands on them.

After many years of frustration the day has come and my parents bought me a computer for my 13th birthday. The luckiest day in my life! I got some kind of ZX Spectrum clone, with Z80 processor, which was 3.5 MHz. I had to use cassette player to load data from the cassette tape and to my biggest fear at the end I used to get “R Type Loading Error”. A few years later I bought my first PC, it was 386SX with 4 megabytes of RAM IIRC, monochromic VGA monitor, and started sitting on this computer day and night, day and night.

My parents became worried for my health and my grades at school so my father started to take my mouse with him when he goes to sleep. Well it solved only one problem – my bad knowledge of shortcuts, thanks daddy! After a couple of days I got caught again in front of computer at night, and this time mouse and keyboard were gone. Bad days have come, but there was a solution to buy another set of mouse and keyboard from my friend. Voilà! Another couple nights of happiness.

Are you still here? Patience please, answer is coming to this question (smiling). All good things come to those who wait. So my parents called up some friend who put a BIOS password on the system, and my good days were over. This was my first InfoSec project. I had to figure out how to take it away. You have to remove BIOS battery and it usually defaults all BIOS settings. Now it seems very easy, but back then it took me quite some time to figure it out, to figure out how to take BIOS password away.

All I knew was “hello”, “goodbye” and “give me some more beer”

Yuri: Do you have any related education?

Alan: My bachelors is in electrical engineering, so if you need your bulbs to be changed at the office please call me (smiling). I got EE degree from Kaunas University Of Technology, which is located in Lithuania. After moving from Lithuania to USA back in 2003 I was looking for a job for a long time without any success to my greatest disappointment. I started working crappy jobs all over and investing all other free time into IT, just like years before.

One night I read a post at some forum, the guy was eventually in the same situation and he put it like this “I didn’t get the job I wanted until I got a degree from US University”. That was it, I drove to Florida International University next morning to ask about programs they had. I had to pass English test, do my bachelors evaluation and GMAT test. Needless to say, being born and raised outside of USA, English was not native language for me. All I knew was “hello, goodbye, and give me some more beer”. Ok, that’s a joke. So I got my masters of science in management information systems.

Yuri: Please describe your working day.

Alan: A short version would be: “wake up, solve problems, go to sleep”.

Alan and Intel are in very close relations!

Yuri: When you get to, what do you do first?

Alan: Start reading my email, and that’s how my job starts.

I go to sleep when I’m done, not when I’m tired

Yuri: What do you do most of the time? Are there days when you work 14 hours or longer?

Alan: Oh yeah, a lot of these days. If I have a project that just has to be done, I’m eager to get it done. I go to sleep when I’m done, not when I’m tired.

Yuri: What do you like about your job most? Less?

Alan: In general I like InfoSec because it is something new every day. Typically I get bored pretty fast, but InfoSec keeps my interest up all the time. There are new exploits every day, new ways to attack and defend every day, new twists in forensics every day. What I don’t like much is report writing, but oh well, many times report is the only deliverable to the client, so it has to be pristine. And I’m getting better at it; I used to write report in the end, now I start early and fill in all the blanks as I go from the very beginning.

Yuri: How did you start your company?

Alan: I wanted to have my own team for a long time. Good time came up about 2 years ago and here we are.

Yuri: What are the most often projects your company works on?

Alan: Pen Testing, Vulnerability Assessments and Threat Intelligence.

Our customers come first and I really mean it

Yuri: What is special about your company?

Alan: Our customers come first and I really mean it.

Yuri: What is the most interesting thing a customer has ever said about your company or your solutions?

Alan: “I didn’t know Russians are able to do good work.” USA people confuse me to be Russian all the time, probably because of the accent.

Yuri: What is about your company, you are proud of?

Alan: Aside from our customers being priority number one, I’m proud about our work environment for our employees. We don’t have directions what OS, what programming languages, what tools have to be used and so on. Invent your own OS or programming language for God’s sake. There is only one goal − to get the job done beyond expectations and on time.

Yuri: I remember your talk at HackersHalted in Miami, where you gave an excellent overview of various Russian h4x0r resources. Do you use them in your investigations? Were you successful in penetrating to closed areas of such resources? Did it really help?

Alan: Every Russian hacker forum has closed sections, usually there are 4 sections in total, 0 level would be a public section where everybody can read and write messages, it is indexed by search engines and so on. Some forums require you to register an account with them to be able to see 0 level, but it is free and quick, so it’s no brainer. To get into 1st access level you need to be in the forum a little bit, and write some useful posts; 50-200 posts depending on the forum and you will be granted to the 1st level automatically. To get into the 2nd level you need to share some “good info”, some databases what not, to become a known and trusted persona with good feedback. To get to the 3rd and most interesting level you basically have to commit crime, and then others will vote on you.

I was on and off Russian hacking forums for long time

Yuri: Why have you chosen to become an expert in Russian cybercrime?

Alan: I was on and off Russian hacking forums for long time, I like to go there and see what is new in this arena. At one of my past jobs I had a breach our team had hard time solving. I went to Russian underground and was lucky enough to find some hacker posting just about our incident. That gave a great deal of insider information what happened. That case struck my head and since then I try to find information for my clients and cases in the underground. For company it is so much cheaper to know what’s happening in the underground that relates to the company and take action against it. The issue is many companies don’t want to spend much money on proactive security, even if it’s 10 times cheaper to do so beforehand, they just spend millions afterwards, when all bad publicity is on the news and data is lost.

I wish I could speak Chinese

Yuri: Why Russian? Just because of language?

Alan: Language is one of the factors, I speak Russian and that helps, I wish I could speak Chinese as well (smiling).

Yuri: Are there really that much Russians in cybercrime?

Alan: Many of them, as an example take a look at one of many Russian hacking and cracking forums – It has 2 million messages and 115 000 users. There are many more open and hidden forums with their own hidden sections.

Yuri: What is Russian specifics in cybercrime?

Alan: Russians are typically after money, where Chinese are mostly after information, blueprints or trade secrets. It does not mean they can’t switch, but that’s the common approaches by them.

Yuri: Do you often have a work connected to Russian cybercrime?

Alan: All the time.

Yuri: What is the most famous Russian-made malware?

Alan: Probably ZeuS, it’s all over Internet with its many plugins and many ways to exploit browsers. Some time ago ZeuS source code leaked, and a lot of new malware was created based on it. Many clones and modified versions of ZeuS are in the wild now.

Alan investigates threats of beer in Malta.

Yuri: Some time ago I have interviewed Pasquale Stirparo, who says the future of malware is mobile malware. What do you think on this statement?

Alan: I couldn’t agree more. Mobile devices are much less defended, a typical desktop or laptop has all the resources to exercise defense in depth, i.e. have antivirus engine on it 24/7, has resources to send syslogs to SIEM almost in real time, has resources to have full disk encryption, tons of space locally and CPU to do a million things at any moment.

It is easier to attack mobile devices

Mobile devices on the other hand are limited on resources, they can have AV running on them 24/7 but it will slow down devices considerably, will suck out its battery, and this practice is not used 9 times out of 10. That’s why it is easier to attack mobile devices, they are less protected. One more thing it is annoying to type in complex, long passwords on mobile devices, so they typically contain much easier passwords.

Yuri: Are Russians already doing something like this? Chinese? Americans?

Alan: I have no doubt everybody does that who has skills to do it :)

Yuri: Ilya Sachkov from Group IB thinks that the problem in Russia is insufficient laws, which do not even have a notion of digital evidence. Do you agree?

Alan: It is insufficient laws, one more thing we have to remember it’s not enough just to write a law, that law should make sense, be in the best interest to the public and be enforced.

Yuri: What computer forensics or security resources do you regularly read? What would you recommend to others?

Alan: Other than I constantly read Russian hacking forums I like to read papers on, also follow full-disclosure mailing list.

Yuri: What do you see as major trends in cybercrime? Globally and in particular, in Russia?

Alan: As one of your questions mentioned mobile malware it is probably the case, Internet is getting mobile more and more, more smartphones, more various networks are being widely deployed (4G LTE, WiMax, and others), even cars are in the works to be constantly connected to the Internet.

Yuri: You are an author of Computer Security Handbook. What was your motivation to write it?

Alan: I just want to share my knowledge and ideas with others.

Yuri: Everyone knows it is very hard to complete a book. Whom do you recommend it to read, which readers?

Alan: I recommend it to everybody who wants to upgrade their skill and prosper in InfoSec. I didn’t write the whole book, I’m a co-author with many other great folks (smiling). This book has many interesting topics, and covers a wide array of technologies and techniques. The second edition is coming out in early 2013, which will have even more topics.

I’m 4!+9

Yuri: How old are you?

Alan: I’m x years old, where x = 4!+9

Yuri: Do you do any sports? Which one? What is your preference in watching professional sports?

Alan: I like basketball the most, however if it’s a super final of any sport I try to watch it.

I dream retina display will have anti-glare screen

Yuri: Do you have a dream?

Alan: I dream macbook pro with retina display will have anti-glare screen option sometime in the future.

Yuri: What music do you like?

Alan: I like psycho trance. Sesto Sento is one of my favorite groups.

Yuri: Thanks for your really amusing interview, Alan!